Email Sits at the Center of the White House’s New Cyber EO and Strategy

The White House’s latest executive order reframes cybercrime as a national security issue and puts email at the center. Discover why phishing remains the primary attack vector and how AI-native defenses can stop it.

Yejin Jang

March 18, 2026


Originally published on SC Media

The White House's March 6 executive order (EO) on combating cybercrime, fraud, and predatory schemes arrives at a critical moment.

In 2024 alone, cybercrime losses exceeded $12.5 billion. Ransomware continues to disrupt hospitals, schools, and water systems. And according to CISA, more than 90% of successful cyberattacks begin with a phishing email, an enduring and highly effective entry point that adversaries continue to exploit.

It's encouraging to see the federal government act decisively to address the same foundational problems that the security community has been grappling with for years. Notably, this EO does not treat cybercrime as a narrow technical issue. Instead, it frames it as a national security and law enforcement priority that demands coordinated action across diplomacy, intelligence, defense, and the private sector.

A Strategic Shift Toward Proactive Cyber

Issued alongside the EO, President Trump's Cyber Strategy for America articulates a proactive posture that breaks sharply from prior frameworks. Two directives, drawn from across the strategy's six policy pillars, stand out:

"We must detect, confront, and defeat cyber adversaries before they breach our networks and systems."

"We will work to adopt AI-powered cybersecurity solutions to defend federal networks and deter intrusions at scale."

These are operational commitments, not aspirational language. The first reflects the strategy's intent to shape adversary behavior by disrupting threats before they gain access. The second signals that agencies must move beyond legacy, signature-based tools, and that the government will reform procurement to remove barriers to entry so that it can “buy and use the best technology.” For federal agencies still relying on static defenses, the message is clear.

Email: The Persistent Entry Point

The EO identifies phishing, impersonation, financial fraud, and malware deployment as core tactics used by transnational criminal organizations. These tactics share a common thread—email is the delivery mechanism.

Annual FISMA reporting indicates that among the nine tracked threat vectors, email and phishing consistently rank as the second or third most prevalent across the federal enterprise, behind only the nebulously defined “improper usage” and “other/unknown.”

Chinese APT groups, including APT31, APT27, and Storm-0558, have repeatedly used email as the initial access vector in campaigns targeting U.S. government agencies and officials. The 2023 Microsoft Exchange Online intrusion alone resulted in the exfiltration of more than 60,000 emails from the State Department.

AI Accelerates Crime, But Also Powers Defense

AI has lowered the barrier to sophisticated impersonation and fraud at a speed that overwhelms traditional defenses. Yet, equally powerful AI-native defensive tools, built on behavioral baselining and anomaly detection, now exist to preempt these attacks even when they contain no known indicators of malicious intent. It’s the kind of capability the cyber strategy envisions.

The distinction between AI as a feature bolted onto a legacy product and AI as the operational foundation of a security system matters enormously. Purpose-built AI systems, those designed from the ground up for a specific mission, such as detecting anomalous email behavior, deliver the precision, speed, and adaptability that federal networks require. They can make millions of autonomous security decisions daily without requiring human review of every alert, freeing security teams to focus on strategic threat hunting rather than chasing false positives.

Organizations Have Already Proved AI Works

We’re not talking about a theoretical approach. Public sector organizations are already operationalizing AI-native email security with measurable results.

The University of Texas at Austin Regional SOC (RSOC) has worked to deploy advanced email security services to counties across Texas, creating a shared service model that extends enterprise-grade protection to smaller entities that lack the resources to build these capabilities on their own. UT's own analysis over several years found that 87% of breaches start with phishing, and the RSOC's explicit objective was to mitigate the ransomware threat further upstream by improving email defenses. This approach, centralized operation with distributed protection, mirrors exactly the kind of scalable, efficient architecture the Trump cyber strategy envisions for federal networks.

Los Angeles County, the largest county in the United States with 135,000 mailboxes, has reported both stronger security outcomes and meaningful operational efficiencies after deploying AI-native email security. The county's SOC ticket volume dropped from roughly 75,000 annually to about 2,000, a reduction of more than 96%. The cybersecurity team's efficiency rate improved from approximately 13% to more than 90%, resulting in an estimated $4 million in annual time savings. These are the kinds of outcome-driven metrics the administration's management agenda demands.

The Protective Email Service: An Idea Whose Time Has Come

The federal government recognized this risk in 2021, when CISA began exploring a Protective Email Service (PES) concept for the federal government. PES aimed to prevent malicious content from reaching federal employees, offer centralized visibility for cyber hunting, identify threats based on behavioral patterns, and deliver advanced analytics on threat campaigns.

That line of effort remains relevant today, arguably more so. Under federal policy (OMB M-21-31), agencies are required to submit all phishing attempts to CISA, yet it’s unclear whether this requirement has been fully met or the resulting data meaningfully operationalized. As agencies refine their approach to combating cyber-enabled crime, modernizing shared email defenses with AI-driven capabilities represents a logical next step.

A modernized PES, built on cloud-native, AI-native technology that deploys via API without complex system integration, could reduce systemic risk and operational burden on individual agencies while strengthening CISA's ability to manage email-borne threats at enterprise scale.

What Comes Next

The Trump EO sets a 60-day review and 120-day action plan timeline. The cyber strategy lays out six policy pillars that will guide implementation in the months ahead. The problems this EO seeks to address—phishing, impersonation, fraud, and account compromise—have been persistent challenges for defenders for more than a decade. But the scale and sophistication of the threat have changed dramatically.

Generative AI has made it far easier for adversaries to craft convincing social engineering attacks that exploit trust and identity inside organizations. Recognizing these risks as national security priorities reflects an important shift in how cyber-enabled fraud gets understood and addressed at the federal level.

The email inbox remains one of the primary places where trust, identity, and access intersect. Protecting it requires security capabilities that understand patterns of human communication, adapt to evolving threats in real time, and operate at the scale of modern digital ecosystems. As agencies modernize their defenses in response to this EO, technologies that can analyze behavioral context, not just static indicators, will play a critical role in preventing the next generation of attacks.
